3 of 4
Clarified the first question
RoraΖ

How do browsers negotiate SSL/TLS connection parameters?

For the purpose of this question, let's assume that an SSL/TLS connection has 4 parameters:

  • protocol,
  • symmetric encryption method,
  • asymmetric encryption method,
  • MAC.

During the negotiation of SSL parameters, a browser tries to achieve the best possible parameters. So, my questions are:

  1. What is the proper order of the previous list? I know that all of them are important (needed). But I assume that in the code one of them is chosen as the first, then there is a second, third and fourth. I believe that choosing TLSv1.2 with DES is more secure than SSLv3 with AES256. So the question is how it is implemented in the browser.
  2. Where does the browser store this information, and can it be changed by the user?

I know that there are probably a couple of browser-dependent answers, but maybe there are some general rules enforced by the SSL/TLS protocol.

boleslaw.smialy
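
An added illustration, not part of the original question and not any browser's code: in TLS the key exchange, authentication, cipher and MAC are bundled into one cipher suite, the protocol version is negotiated separately, and the server selects from what the client offers. Python's `ssl` module stands in for a browser's TLS library here; `pick_version`, `pick_suite` and the sample lists are hypothetical, constructed values giving a simplified model of the selection in TLS 1.2 and earlier.

```python
import ssl

FIELDS = ("name", "protocol", "kea", "auth", "symmetric", "digest")

def client_offer(cipher_string=None, min_version=ssl.TLSVersion.TLSv1_2):
    """Return (min, max, suites) that a client context is configured to offer."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = min_version       # version range is set separately from suites
    if cipher_string:
        ctx.set_ciphers(cipher_string)      # OpenSSL cipher-list syntax (TLS <= 1.2 suites)
    # Each suite is one bundle: key exchange, authentication, cipher, digest/MAC.
    suites = [{k: c.get(k) for k in FIELDS} for c in ctx.get_ciphers()]
    return ctx.minimum_version, ctx.maximum_version, suites

def pick_version(client_versions, server_versions):
    """Highest protocol version both sides support, or None (handshake fails)."""
    common = set(client_versions) & set(server_versions)
    return max(common) if common else None

def pick_suite(client_suites, server_suites, server_preference=True):
    """First mutually supported suite, in the order of the side that has preference."""
    if server_preference:
        first, other = server_suites, client_suites
    else:
        first, other = client_suites, server_suites
    return next((s for s in first if s in other), None)

# Constructed sample offers (not captured from a real browser or server).
V = ssl.TLSVersion
CLIENT_VERSIONS = [V.TLSv1, V.TLSv1_1, V.TLSv1_2]
SERVER_VERSIONS = [V.TLSv1_1, V.TLSv1_2]
CLIENT_SUITES = ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-SHA384", "AES256-SHA"]
SERVER_SUITES = ["ECDHE-RSA-AES256-SHA384", "ECDHE-RSA-AES128-GCM-SHA256"]

if __name__ == "__main__":
    lo, hi, suites = client_offer("ECDHE+AESGCM")
    print("configured version range:", lo.name, "-", hi.name)
    for s in suites:
        print(s)
    print("version:", pick_version(CLIENT_VERSIONS, SERVER_VERSIONS).name)
    print("server order:", pick_suite(CLIENT_SUITES, SERVER_SUITES))
    print("client order:", pick_suite(CLIENT_SUITES, SERVER_SUITES, server_preference=False))
```

The suites printed by `client_offer` depend on the local OpenSSL build, and TLS 1.3 suites are listed regardless of the cipher string because OpenSSL configures them separately.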